A malicious pool or an attacker who is in the middle of a valid stratum connection can respond to a 'mining.subscribe' and instruct a miner to use a large nonce2 length. The attacker can then instruct the miner to generate blocks with a standard 'mining.notify' request. Once the miner has discovered a valid block it will attempt to copy this large nonce into a fixed size character array and overflow into stack memory.